Google Detects Tizi Android Spyware Spying on Social Media and Messaging Apps

Tizi is a fully equipped Android backdoor with rooting capabilities as well as installing spyware apps on victim devices to steal sensitive data from popular social media and messaging apps

Cyber News 404 - Found on devices in African countries, Tizi is a fully equipped Android backdoor with rooting capabilities that installs spyware on victim devices to steal sensitive data from popular social media and messaging apps such as Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.

"The Google Play Protect security team found this family in September 2017 when the scanner tool found an application with rooting capabilities that exploited an old vulnerability," Google said in a blog post. "The team used this app to find more application variants of the Tizi family, the oldest being from October 2015."

Most Tizi-infected apps are advertised on social media sites and third-party app stores, tricking users into installing them.

Once installed, the seemingly innocent app (typically a search application) gains root access on the infected device and installs the spyware, which then contacts its command and control server and sends SMS text messages containing the device's GPS coordinates to specific phone numbers.

Here's How Tizi Gets Root Access On Infected Devices
To gain root access, the backdoor exploits known vulnerabilities in older chipsets, devices, and older versions of Android, including CVE-2012-4220, CVE-2013-2596, CVE-2013-2597, CVE-2013-2595, CVE-2013-2094, CVE-2013-6282, CVE-2014-3153, CVE-2015-3636, and CVE-2015-1805.

If the backdoor cannot gain root on the infected device because all of the listed vulnerabilities are patched, "the backdoor will still try to take some action through the high permission level, asking the user to provide it, especially around reading and sending SMS messages and monitoring, diverting, and preventing outgoing phone calls," Google said.

Tizi has also been designed to communicate with its command and control server over regular HTTPS or the MQTT messaging protocol, both to receive commands from the attackers and to upload stolen data.

The backdoor contains various capabilities common to commercial spyware, such as:
  • Steal data from popular social media and messaging platforms, including Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.
  • Record calls from WhatsApp, Viber, and Skype.
  • Send and receive SMS messages.
  • Access calendar events, call logs, contacts, photos, and the list of installed apps.
  • Steal Wi-Fi encryption keys.
  • Record ambient audio and take pictures without showing anything on the device's screen.
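The permission-based fallback described above and the capability list give a defender a triage heuristic: an app whose manifest combines SMS control, outgoing-call monitoring, ambient capture, and location access deserves a closer look. The following script is an added example, not code from Google or from the Tizi samples; the permission names are real Android permissions, while the grouping, the threshold, and the sample manifest are constructed here for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names, grouped by the spyware capabilities described
# in the article. The grouping is an assumption made for triage, not a
# detection signature published by Google.
CAPABILITY_PERMISSIONS = {
    "sms_control": {"android.permission.READ_SMS", "android.permission.SEND_SMS",
                    "android.permission.RECEIVE_SMS"},
    "call_monitoring": {"android.permission.READ_CALL_LOG",
                        "android.permission.PROCESS_OUTGOING_CALLS",
                        "android.permission.READ_PHONE_STATE"},
    "ambient_capture": {"android.permission.RECORD_AUDIO", "android.permission.CAMERA"},
    "personal_data": {"android.permission.READ_CONTACTS", "android.permission.READ_CALENDAR"},
    "location": {"android.permission.ACCESS_FINE_LOCATION"},
}

def declared_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission> names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def capability_hits(manifest_xml: str) -> dict:
    """Map each capability group to the sorted list of matching declared permissions."""
    perms = declared_permissions(manifest_xml)
    return {cap: sorted(perms & wanted)
            for cap, wanted in CAPABILITY_PERMISSIONS.items() if perms & wanted}

def looks_like_surveillance(manifest_xml: str, threshold: int = 3) -> bool:
    """Flag an app that combines at least `threshold` capability groups (e.g. SMS + calls + audio)."""
    return len(capability_hits(manifest_xml)) >= threshold

# Constructed sample manifest for a fake "search" app; not a real Tizi sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.search">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    print(capability_hits(SAMPLE_MANIFEST))
    print("suspicious:", looks_like_surveillance(SAMPLE_MANIFEST))
```

Run it against a manifest decoded from an APK (for example with apktool); a single matching group is normal for many legitimate apps, so the signal is the combination, not any one permission.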


So far Google has identified about 1,300 Android devices infected with Tizi and removed the infected apps from them.

The majority of infected devices are in African countries, especially Kenya, Nigeria, and Tanzania.
